Implement authentication using Passport.js

2026-02-16 20:13:49 +00:00 · 2023-02-05 19:27:19 -05:00
parent 86f6f9abc5
commit 087a1a4513
26 changed files with 2073 additions and 412 deletions
--- a/pages/api/users/current.ts
+++ b/pages/api/users/current.ts
@@ -0,0 +1,24 @@
+import NextConnectConfig from '@/config/nextConnect/NextConnectConfig';
+import { ExtendedNextApiRequest } from '@/config/auth/types';
+import APIResponseValidationSchema from '@/validation/APIResponseValidationSchema';
+import { NextApiResponse } from 'next';
+import getCurrentUser from '@/config/auth/middleware/getCurrentUser';
+import nextConnect from 'next-connect';
+import { z } from 'zod';
+
+const sendCurrentUser = async (req: ExtendedNextApiRequest, res: NextApiResponse) => {
+  const { user } = req;
+  res.status(200).json({
+    message: `Currently logged in as ${user!.username}`,
+    statusCode: 200,
+    success: true,
+    payload: user,
+  });
+};
+
+const handler = nextConnect<
+  ExtendedNextApiRequest,
+  NextApiResponse<z.infer<typeof APIResponseValidationSchema>>
+>(NextConnectConfig).get(getCurrentUser, sendCurrentUser);
+
+export default handler;
--- a/pages/api/users/login.ts
+++ b/pages/api/users/login.ts
@@ -0,0 +1,47 @@
+import APIResponseValidationSchema from '@/validation/APIResponseValidationSchema';
+import NextConnectConfig from '@/config/nextConnect/NextConnectConfig';
+import passport from 'passport';
+import nextConnect from 'next-connect';
+import localStrat from '@/config/auth/localStrat';
+import { setLoginSession } from '@/config/auth/session';
+import { NextApiResponse } from 'next';
+import { z } from 'zod';
+import ServerError from '@/config/util/ServerError';
+import { ExtendedNextApiRequest } from '../../../config/auth/types';
+
+const LoginSchema = z.object({
+  username: z.string(),
+  password: z.string(),
+});
+
+export default nextConnect<
+  ExtendedNextApiRequest,
+  NextApiResponse<z.infer<typeof APIResponseValidationSchema>>
+>(NextConnectConfig)
+  .use(passport.initialize())
+  .use(async (req, res, next) => {
+    passport.use(localStrat);
+    const parsed = LoginSchema.safeParse(req.body);
+    if (!parsed.success) {
+      throw new ServerError('Username and password are required.', 400);
+    }
+
+    passport.authenticate('local', { session: false }, (error, token) => {
+      if (error) {
+        next(error);
+      } else {
+        req.user = token;
+        next();
+      }
+    })(req, res, next);
+  })
+  .post(async (req, res) => {
+    const user = req.user!;
+    await setLoginSession(res, user);
+
+    res.status(200).json({
+      message: 'Login successful.',
+      statusCode: 200,
+      success: true,
+    });
+  });
--- a/pages/api/users/logout.ts
+++ b/pages/api/users/logout.ts
@@ -0,0 +1,27 @@
+import { getLoginSession } from '@/config/auth/session';
+import { removeTokenCookie } from '@/config/auth/cookie';
+import NextConnectConfig from '@/config/nextConnect/NextConnectConfig';
+import APIResponseValidationSchema from '@/validation/APIResponseValidationSchema';
+import { NextApiRequest, NextApiResponse } from 'next';
+import nextConnect from 'next-connect';
+import { z } from 'zod';
+import ServerError from '@/config/util/ServerError';
+
+const handler = nextConnect<
+  NextApiRequest,
+  NextApiResponse<z.infer<typeof APIResponseValidationSchema>>
+>(NextConnectConfig).all(async (req, res) => {
+  const session = await getLoginSession(req);
+
+  if (!session) {
+    throw new ServerError('You are not logged in.', 400);
+  }
+
+  removeTokenCookie(res);
+  res.status(200).json({
+    message: 'Logged out.',
+    statusCode: 200,
+    success: true,
+  });
+});
+export default handler;
--- a/pages/api/users/register.ts
+++ b/pages/api/users/register.ts
@@ -0,0 +1,55 @@
+import { NextApiRequest, NextApiResponse } from 'next';
+import { z } from 'zod';
+import ServerError from '@/config/util/ServerError';
+import nc, { NextHandler } from 'next-connect';
+import createNewUser from '@/services/user/createNewUser';
+import CreateUserValidationSchema from '@/services/user/schema/CreateUserValidationSchema';
+import NextConnectConfig from '@/config/nextConnect/NextConnectConfig';
+
+interface RegisterUserRequest extends NextApiRequest {
+  body: z.infer<typeof CreateUserValidationSchema>;
+}
+
+const validateRequest =
+  ({
+    bodySchema,
+    querySchema,
+  }: {
+    bodySchema?: z.ZodSchema<any>;
+    querySchema?: z.ZodSchema<any>;
+  }) =>
+  async (req: NextApiRequest, res: NextApiResponse, next: NextHandler) => {
+    if (bodySchema) {
+      const parsed = bodySchema.safeParse(req.body);
+      if (!parsed.success) {
+        throw new ServerError('Invalid request body.', 400);
+      }
+    }
+
+    if (querySchema) {
+      const parsed = querySchema.safeParse(req.query);
+      if (!parsed.success) {
+        throw new ServerError(parsed.error.message, 400);
+      }
+      req.query = parsed.data;
+    }
+
+    next();
+  };
+
+const registerUser = async (req: RegisterUserRequest, res: NextApiResponse) => {
+  const user = await createNewUser(req.body);
+  res.status(201).json({
+    message: 'User created successfully.',
+    payload: user,
+    statusCode: 201,
+    success: true,
+  });
+};
+
+const handler = nc(NextConnectConfig).post(
+  validateRequest({ bodySchema: CreateUserValidationSchema }),
+  registerUser,
+);
+
+export default handler;